)]}'
{"id":"openvpn~1715","triplet_id":"openvpn~master~I49b37b5a90554fa2d4a83c8fc5608dad2a36b835","project":"openvpn","branch":"master","attention_set":{},"removed_from_attention_set":{"1000003":{"account":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"last_update":"2026-06-22 11:10:35.000000000","reason":"removed on reply"},"1000002":{"account":{"_account_id":1000002,"name":"cron2","display_name":"Gert Doering","email":"gert@greenie.muc.de","username":"cron2"},"last_update":"2026-06-22 14:42:13.000000000","reason":"Change was submitted"},"1000001":{"account":{"_account_id":1000001,"name":"flichtenheld","display_name":"Frank Lichtenheld","email":"frank@lichtenheld.com","username":"flichtenheld","status":"OpenVPN Inc."},"last_update":"2026-06-22 14:42:13.000000000","reason":"Change was submitted"},"1000007":{"account":{"_account_id":1000007,"name":"ordex","display_name":"Antonio Quartulli","email":"antonio@mandelbit.com","username":"ordex"},"last_update":"2026-06-22 14:42:13.000000000","reason":"Change was submitted"}},"hashtags":[],"change_id":"I49b37b5a90554fa2d4a83c8fc5608dad2a36b835","subject":"options: fix use-after-free of DNS options on client connect","status":"MERGED","created":"2026-06-21 21:25:03.000000000","updated":"2026-06-22 14:42:13.000000000","submitted":"2026-06-22 14:42:13.000000000","submitter":{"_account_id":1000002,"name":"cron2","display_name":"Gert Doering","email":"gert@greenie.muc.de","username":"cron2"},"total_comment_count":3,"unresolved_comment_count":2,"has_review_started":true,"submission_id":"1715","meta_rev_id":"f2f1d2e1603e7b88d946969b7388bf3914c32a74","_number":1715,"virtual_id_number":1715,"owner":{"_account_id":1000007,"name":"ordex","display_name":"Antonio Quartulli","email":"antonio@mandelbit.com","username":"ordex"},"actions":{},"labels":{"Code-Review":{"all":[{"value":0,"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},{"value":0,"_account_id":1000002,"name":"cron2","display_name":"Gert Doering","email":"gert@greenie.muc.de","username":"cron2"},{"value":0,"_account_id":1000001,"name":"flichtenheld","display_name":"Frank Lichtenheld","email":"frank@lichtenheld.com","username":"flichtenheld","status":"OpenVPN Inc."}],"values":{"-2":"This shall not be submitted","-1":"I would prefer this is not submitted as is"," 0":"No score","+1":"Looks good to me, but someone else must approve","+2":"Looks good to me, approved"},"description":"","default_value":0}},"removable_reviewers":[],"reviewers":{"REVIEWER":[{"_account_id":1000001,"name":"flichtenheld","display_name":"Frank Lichtenheld","email":"frank@lichtenheld.com","username":"flichtenheld","status":"OpenVPN Inc."},{"_account_id":1000002,"name":"cron2","display_name":"Gert Doering","email":"gert@greenie.muc.de","username":"cron2"},{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"}],"CC":[{"_account_id":1000026,"name":"openvpn-devel","email":"openvpn-devel@lists.sourceforge.net","username":"openvpn-devel"}]},"pending_reviewers":{},"reviewer_updates":[{"updated":"2026-06-21 21:25:04.000000000","updated_by":{"_account_id":1000007,"name":"ordex","display_name":"Antonio Quartulli","email":"antonio@mandelbit.com","username":"ordex"},"reviewer":{"_account_id":1000026,"name":"openvpn-devel","email":"openvpn-devel@lists.sourceforge.net","username":"openvpn-devel"},"state":"CC"},{"updated":"2026-06-21 21:25:04.000000000","updated_by":{"_account_id":1000007,"name":"ordex","display_name":"Antonio Quartulli","email":"antonio@mandelbit.com","username":"ordex"},"reviewer":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"state":"REVIEWER"},{"updated":"2026-06-22 08:04:42.000000000","updated_by":{"_account_id":1000002,"name":"cron2","display_name":"Gert Doering","email":"gert@greenie.muc.de","username":"cron2"},"reviewer":{"_account_id":1000002,"name":"cron2","display_name":"Gert Doering","email":"gert@greenie.muc.de","username":"cron2"},"state":"REVIEWER"},{"updated":"2026-06-22 10:37:18.000000000","updated_by":{"_account_id":1000001,"name":"flichtenheld","display_name":"Frank Lichtenheld","email":"frank@lichtenheld.com","username":"flichtenheld","status":"OpenVPN Inc."},"reviewer":{"_account_id":1000001,"name":"flichtenheld","display_name":"Frank Lichtenheld","email":"frank@lichtenheld.com","username":"flichtenheld","status":"OpenVPN Inc."},"state":"REVIEWER"}],"messages":[{"id":"96c3f793d7368f14d44407c43fae583a9a95389a","tag":"autogenerated:gerrit:newPatchSet","author":{"_account_id":1000007,"name":"ordex","display_name":"Antonio Quartulli","email":"antonio@mandelbit.com","username":"ordex"},"date":"2026-06-21 21:25:03.000000000","message":"Uploaded patch set 1.","accounts_in_message":[],"_revision_number":1},{"id":"bc7d172cef7e17ab6c98c0e6a68c6f1d846d9310","author":{"_account_id":1000002,"name":"cron2","display_name":"Gert Doering","email":"gert@greenie.muc.de","username":"cron2"},"date":"2026-06-22 08:04:42.000000000","message":"Patch Set 1: Code-Review-1\n\n(2 comments)","accounts_in_message":[],"_revision_number":1},{"id":"eeb01765f5f1ac22f7634da0f51bfdb6e2bd6b84","tag":"autogenerated:gerrit:newPatchSet","author":{"_account_id":1000007,"name":"ordex","display_name":"Antonio Quartulli","email":"antonio@mandelbit.com","username":"ordex"},"date":"2026-06-22 09:29:42.000000000","message":"Uploaded patch set 2.\n\nOutdated Votes:\n* Code-Review-1 (copy condition: \"changekind:NO_CHANGE OR changekind:TRIVIAL_REBASE OR is:MIN\")\n","accounts_in_message":[],"_revision_number":2},{"id":"085d3979227e45fb52a5e60e9cef906e640cb372","author":{"_account_id":1000001,"name":"flichtenheld","display_name":"Frank Lichtenheld","email":"frank@lichtenheld.com","username":"flichtenheld","status":"OpenVPN Inc."},"date":"2026-06-22 10:37:18.000000000","message":"Patch Set 2: Code-Review-1\n\n(1 comment)","accounts_in_message":[],"_revision_number":2},{"id":"151b34194cf2b8900571eddc3bae147828746b80","tag":"autogenerated:gerrit:newPatchSet","author":{"_account_id":1000007,"name":"ordex","display_name":"Antonio Quartulli","email":"antonio@mandelbit.com","username":"ordex"},"date":"2026-06-22 10:38:00.000000000","message":"Uploaded patch set 3.\n\nOutdated Votes:\n* Code-Review-1 (copy condition: \"changekind:NO_CHANGE OR changekind:TRIVIAL_REBASE OR is:MIN\")\n","accounts_in_message":[],"_revision_number":3},{"id":"c5eee2f5f036bb1822be63cf46763fcbd9651980","author":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"date":"2026-06-22 11:10:35.000000000","message":"Patch Set 3: Code-Review+2","accounts_in_message":[],"_revision_number":3},{"id":"f2f1d2e1603e7b88d946969b7388bf3914c32a74","tag":"autogenerated:gerrit:merged","author":{"_account_id":1000002,"name":"cron2","display_name":"Gert Doering","email":"gert@greenie.muc.de","username":"cron2"},"date":"2026-06-22 14:42:13.000000000","message":"Change has been successfully pushed.","accounts_in_message":[],"_revision_number":4}],"current_revision_number":4,"current_revision":"97ec63372ab354ad48c89e73d1e37715679370ba","revisions":{"a7817549891e7005fc0ca408396cfef95a1d30dd":{"kind":"REWORK","_number":1,"created":"2026-06-21 21:25:03.000000000","uploader":{"_account_id":1000007,"name":"ordex","display_name":"Antonio Quartulli","email":"antonio@mandelbit.com","username":"ordex"},"ref":"refs/changes/15/1715/1","fetch":{"anonymous http":{"url":"http://gerrit.openvpn.net/openvpn","ref":"refs/changes/15/1715/1","commands":{"Branch":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/15/1715/1 \u0026\u0026 git checkout -b change-1715 FETCH_HEAD","Checkout":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/15/1715/1 \u0026\u0026 git checkout FETCH_HEAD","Cherry Pick":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/15/1715/1 \u0026\u0026 git cherry-pick FETCH_HEAD","Format Patch":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/15/1715/1 \u0026\u0026 git format-patch -1 --stdout FETCH_HEAD","Pull":"git pull http://gerrit.openvpn.net/openvpn refs/changes/15/1715/1","Reset To":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/15/1715/1 \u0026\u0026 git reset --hard FETCH_HEAD"}}},"commit":{"parents":[{"commit":"2b8afc6c685f4e451fd0fa5aa37f18147520dfc1","subject":"openvpnserv: always use W variant of RpcStringFree()"}],"author":{"name":"Antonio Quartulli","email":"antonio@mandelbit.com","date":"2026-06-21 21:20:41.000000000","tz":120},"committer":{"name":"Antonio Quartulli","email":"antonio@mandelbit.com","date":"2026-06-21 21:20:41.000000000","tz":120},"subject":"options: fix use-after-free of DNS options on client connect","message":"options: fix use-after-free of DNS options on client connect\n\nstruct dns_options embeds its own gc_arena. When inherit_context_child()\n/inherit_context_top() copy struct options by value, the child shares the\nparent\u0027s DNS arena. options_detach() detached o-\u003egc but not\no-\u003edns_options.gc, so pre_connect_restore()\u0027s gc_free() (and context\nteardown) freed allocations the parent still referenced.\n\nWith one or more non-pushed --dhcp-option directives that yield a DNS\nentry, a connecting client triggers this and the server crashes\n(use-after-free in setenv_dns_options(), reported as a double free).\n\nDetach o-\u003edns_options.gc as well, mirroring the existing o-\u003egc handling.\n\nChange-Id: I49b37b5a90554fa2d4a83c8fc5608dad2a36b835\nSigned-off-by: Antonio Quartulli \u003cantonio@mandelbit.com\u003e\n"},"branch":"refs/heads/master"},"bddd85297e4aa6c7c8560aa819d8ca3be54c5e52":{"kind":"REWORK","_number":2,"created":"2026-06-22 09:29:42.000000000","uploader":{"_account_id":1000007,"name":"ordex","display_name":"Antonio Quartulli","email":"antonio@mandelbit.com","username":"ordex"},"ref":"refs/changes/15/1715/2","fetch":{"anonymous http":{"url":"http://gerrit.openvpn.net/openvpn","ref":"refs/changes/15/1715/2","commands":{"Branch":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/15/1715/2 \u0026\u0026 git checkout -b change-1715 FETCH_HEAD","Checkout":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/15/1715/2 \u0026\u0026 git checkout FETCH_HEAD","Cherry Pick":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/15/1715/2 \u0026\u0026 git cherry-pick FETCH_HEAD","Format Patch":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/15/1715/2 \u0026\u0026 git format-patch -1 --stdout FETCH_HEAD","Pull":"git pull http://gerrit.openvpn.net/openvpn refs/changes/15/1715/2","Reset To":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/15/1715/2 \u0026\u0026 git reset --hard FETCH_HEAD"}}},"commit":{"parents":[{"commit":"2b8afc6c685f4e451fd0fa5aa37f18147520dfc1","subject":"openvpnserv: always use W variant of RpcStringFree()"}],"author":{"name":"Antonio Quartulli","email":"antonio@mandelbit.com","date":"2026-06-21 21:20:41.000000000","tz":120},"committer":{"name":"Antonio Quartulli","email":"antonio@mandelbit.com","date":"2026-06-22 09:28:51.000000000","tz":120},"subject":"options: fix use-after-free of DNS options on client connect","message":"options: fix use-after-free of DNS options on client connect\n\nstruct dns_options embeds its own gc_arena. When inherit_context_child()\n/inherit_context_top() copy struct options by value, the child shares the\nparent\u0027s DNS arena. options_detach() detached o-\u003egc but not\no-\u003edns_options.gc, so pre_connect_restore()\u0027s gc_free() (and context\nteardown) freed allocations the parent still referenced.\n\nWith one or more non-pushed --dhcp-option directives that yield a DNS\nentry, a connecting client triggers this and the server crashes\n(use-after-free in setenv_dns_options(), reported as a double free).\n\nDetach o-\u003edns_options.gc as well, mirroring the existing o-\u003egc handling.\n\nChange-Id: I49b37b5a90554fa2d4a83c8fc5608dad2a36b835\nGitHub: closes openvpn/OpenVPN#1060\nSigned-off-by: Antonio Quartulli \u003cantonio@mandelbit.com\u003e\n"},"branch":"refs/heads/master"},"afeea8df799b1bb1c3fad0cb00fc336538f0217d":{"kind":"REWORK","_number":3,"created":"2026-06-22 10:38:00.000000000","uploader":{"_account_id":1000007,"name":"ordex","display_name":"Antonio Quartulli","email":"antonio@mandelbit.com","username":"ordex"},"ref":"refs/changes/15/1715/3","fetch":{"anonymous http":{"url":"http://gerrit.openvpn.net/openvpn","ref":"refs/changes/15/1715/3","commands":{"Branch":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/15/1715/3 \u0026\u0026 git checkout -b change-1715 FETCH_HEAD","Checkout":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/15/1715/3 \u0026\u0026 git checkout FETCH_HEAD","Cherry Pick":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/15/1715/3 \u0026\u0026 git cherry-pick FETCH_HEAD","Format Patch":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/15/1715/3 \u0026\u0026 git format-patch -1 --stdout FETCH_HEAD","Pull":"git pull http://gerrit.openvpn.net/openvpn refs/changes/15/1715/3","Reset To":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/15/1715/3 \u0026\u0026 git reset --hard FETCH_HEAD"}}},"commit":{"parents":[{"commit":"2b8afc6c685f4e451fd0fa5aa37f18147520dfc1","subject":"openvpnserv: always use W variant of RpcStringFree()"}],"author":{"name":"Antonio Quartulli","email":"antonio@mandelbit.com","date":"2026-06-21 21:20:41.000000000","tz":120},"committer":{"name":"Antonio Quartulli","email":"antonio@mandelbit.com","date":"2026-06-22 10:37:55.000000000","tz":120},"subject":"options: fix use-after-free of DNS options on client connect","message":"options: fix use-after-free of DNS options on client connect\n\nstruct dns_options embeds its own gc_arena. When inherit_context_child()\n/inherit_context_top() copy struct options by value, the child shares the\nparent\u0027s DNS arena. options_detach() detached o-\u003egc but not\no-\u003edns_options.gc, so pre_connect_restore()\u0027s gc_free() (and context\nteardown) freed allocations the parent still referenced.\n\nWith one or more non-pushed --dhcp-option directives that yield a DNS\nentry, a connecting client triggers this and the server crashes\n(use-after-free in setenv_dns_options(), reported as a double free).\n\nDetach o-\u003edns_options.gc as well, mirroring the existing o-\u003egc handling.\n\nChange-Id: I49b37b5a90554fa2d4a83c8fc5608dad2a36b835\nGitHub: closes openvpn/OpenVPN#1060\nSigned-off-by: Antonio Quartulli \u003cantonio@mandelbit.com\u003e\n"},"branch":"refs/heads/master"},"97ec63372ab354ad48c89e73d1e37715679370ba":{"kind":"TRIVIAL_REBASE_WITH_MESSAGE_UPDATE","_number":4,"created":"2026-06-22 14:42:13.000000000","uploader":{"_account_id":1000002,"name":"cron2","display_name":"Gert Doering","email":"gert@greenie.muc.de","username":"cron2"},"ref":"refs/changes/15/1715/4","fetch":{"anonymous http":{"url":"http://gerrit.openvpn.net/openvpn","ref":"refs/changes/15/1715/4","commands":{"Branch":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/15/1715/4 \u0026\u0026 git checkout -b change-1715 FETCH_HEAD","Checkout":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/15/1715/4 \u0026\u0026 git checkout FETCH_HEAD","Cherry Pick":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/15/1715/4 \u0026\u0026 git cherry-pick FETCH_HEAD","Format Patch":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/15/1715/4 \u0026\u0026 git format-patch -1 --stdout FETCH_HEAD","Pull":"git pull http://gerrit.openvpn.net/openvpn refs/changes/15/1715/4","Reset To":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/15/1715/4 \u0026\u0026 git reset --hard FETCH_HEAD"}}},"commit":{"parents":[{"commit":"4e4236ded8ce8e7e191a5091d55c286c0071f341","subject":"options: Move \u003c\u003d 0 check for keepalive settings earlier"}],"author":{"name":"Antonio Quartulli","email":"antonio@mandelbit.com","date":"2026-06-22 12:08:51.000000000","tz":120},"committer":{"name":"Gert Doering","email":"gert@greenie.muc.de","date":"2026-06-22 13:28:19.000000000","tz":120},"subject":"options: fix use-after-free of DNS options on client connect","message":"options: fix use-after-free of DNS options on client connect\n\nstruct dns_options embeds its own gc_arena. When inherit_context_child()\n/inherit_context_top() copy struct options by value, the child shares the\nparent\u0027s DNS arena. options_detach() detached o-\u003egc but not\no-\u003edns_options.gc, so pre_connect_restore()\u0027s gc_free() (and context\nteardown) freed allocations the parent still referenced.\n\nWith one or more non-pushed --dhcp-option directives that yield a DNS\nentry, a connecting client triggers this and the server crashes\n(use-after-free in setenv_dns_options(), reported as a double free).\n\nDetach o-\u003edns_options.gc as well, mirroring the existing o-\u003egc handling.\n\nChange-Id: I49b37b5a90554fa2d4a83c8fc5608dad2a36b835\nGitHub: closes openvpn/OpenVPN#1060\nSigned-off-by: Antonio Quartulli \u003cantonio@mandelbit.com\u003e\nAcked-by: Arne Schwabe \u003carne-openvpn@rfc2549.org\u003e\nGerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1715\nMessage-Id: \u003c20260622120856.21586-1-gert@greenie.muc.de\u003e\nURL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg37230.html\nSigned-off-by: Gert Doering \u003cgert@greenie.muc.de\u003e\n"},"branch":"refs/heads/master"}},"requirements":[],"submit_records":[],"submit_requirements":[]}